Breaking 104 bit WEP in less than 60 seconds. Erik Tews, Ralf-Philipp Weinmann, and Andrei Pyshkin.
Reprinted from: CACM 27/8, pp. 761-763.
Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications. David Brumley, Pongsin Poosankam, Dawn Song, and Jiang Zheng.
Bypassing Browser Memory Protections. Setting back browser security by 10 years. Alexander Sotirov, Mark Dowd.
0-Day Patch Exposing Vendors (In)security Performance. Stefan Frei, Bernhard Tellenbach, and Bernhard Plattner.
Using CPU System Management Mode to Circumvent Operating System Security Functions. Loïc Duflot, Daniel Etiemble, Olivier Grumelard.
Thirty Years Later: Lessons from the Multics Security Evaluation. Paul A. Karger, Roger R. Schell.
Dorrendorf, Gutterman and Pinkas have reverse-engineered the random number generator code from Windows. According to their paper, it is easy (O(1)) to compute a previous random number and possible (O(2^23)) to predict the next one. (via The Inquirer)
Cryptanalytic Attacks on Pseudorandom Number Generators. J. Kelsey, B. Schneier, D. Wagner, and C. Hall.